reorganize github etc directory

author: netblue30 <netblue30@yahoo.com> 2020-04-21 08:24:28 -0400
committer: netblue30 <netblue30@yahoo.com> 2020-04-21 08:24:28 -0400
commit: 018d75775eab4a0f045949a9d069c57686ca2686 (patch)
tree: aac3a1a65cca0d4875795c55109a5c3e35efdefb /etc/profile-m-z/Xephyr.profile
parent: small fixes (diff)
download: firejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.gz
firejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.zst
firejail-018d75775eab4a0f045949a9d069c57686ca2686.zip
1 files changed, 42 insertions, 0 deletions
diff --git a/etc/profile-m-z/Xephyr.profile b/etc/profile-m-z/Xephyr.profile
new file mode 100644
index 000000000..ab5fdf942
--- /dev/null
+++ b/etc/profile-m-z/Xephyr.profile
@@ -0,0 +1,42 @@
+# Firejail profile for Xephyr
+# This file is overwritten after every install/update
+# Persistent local customizations
+quiet
+include Xephyr.local
+# Persistent global definitions
+include globals.local
+#
+# This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr.
+# To enable it, create a firejail-Xephyr symlink in /usr/local/bin:
+#
+#    $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xephyr
+#
+# or run "sudo firecfg"
+#
+whitelist /var/lib/xkb
+include whitelist-common.inc
+caps.drop all
+# Xephyr needs to be allowed access to the abstract Unix socket namespace.
+nodvd
+nogroups
+nonewprivs
+# In noroot mode, Xephyr cannot create a socket in the real /tmp/.X11-unix.
+# noroot
+nosound
+notv
+nou2f
+protocol unix
+seccomp
+shell none
+disable-mnt
+# using a private home directory
+private
+# private-bin sh,Xephyr,xkbcomp
+# private-bin bash,cat,ls,sh,strace,Xephyr,xkbcomp
+private-dev
+# private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,nsswitch.conf,resolv.conf
+#private-tmp
author	netblue30 <netblue30@yahoo.com>	2020-04-21 08:24:28 -0400
committer	netblue30 <netblue30@yahoo.com>	2020-04-21 08:24:28 -0400
commit	018d75775eab4a0f045949a9d069c57686ca2686 (patch)
tree	aac3a1a65cca0d4875795c55109a5c3e35efdefb /etc/profile-m-z/Xephyr.profile
parent	small fixes (diff)
download	firejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.gz firejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.zst firejail-018d75775eab4a0f045949a9d069c57686ca2686.zip

diff --git a/etc/profile-m-z/Xephyr.profile b/etc/profile-m-z/Xephyr.profile new file mode 100644 index 000000000..ab5fdf942 --- /dev/null +++ b/etc/profile-m-z/Xephyr.profile
@@ -0,0 +1,42 @@
	1	# Firejail profile for Xephyr
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	quiet
	5	include Xephyr.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	#
	10	# This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr.
	11	# To enable it, create a firejail-Xephyr symlink in /usr/local/bin:
	12	#
	13	# $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xephyr
	14	#
	15	# or run "sudo firecfg"
	16	#
	17
	18	whitelist /var/lib/xkb
	19	include whitelist-common.inc
	20
	21	caps.drop all
	22	# Xephyr needs to be allowed access to the abstract Unix socket namespace.
	23	nodvd
	24	nogroups
	25	nonewprivs
	26	# In noroot mode, Xephyr cannot create a socket in the real /tmp/.X11-unix.
	27	# noroot
	28	nosound
	29	notv
	30	nou2f
	31	protocol unix
	32	seccomp
	33	shell none
	34
	35	disable-mnt
	36	# using a private home directory
	37	private
	38	# private-bin sh,Xephyr,xkbcomp
	39	# private-bin bash,cat,ls,sh,strace,Xephyr,xkbcomp
	40	private-dev
	41	# private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,nsswitch.conf,resolv.conf
	42	#private-tmp